Skip to main content
Register
Springer Professional
SEARCH
Menu 1 2 3 4
main-content
Top

Hint

Swipe to navigate through the chapters of this book

Published in:
Engineering of Runtime Safety Monitors for Cyber-Physical Systems with Digital Dependability Identities Read chapter Read first chapter

2020 | OriginalPaper | Chapter

Automated Attacker Synthesis for Distributed Protocols

Authors : Max von Hippel, Cole Vick, Stavros Tripakis, Cristina Nita-Rotaru

Published in: Computer Safety, Reliability, and Security

Publisher: Springer International Publishing

Login to get access
share
SHARE

Abstract

Distributed protocols should be robust to both benign malfunction (e.g. packet loss or delay) and attacks (e.g. message replay). In this paper we take a formal approach to the automated synthesis of attackers, i.e. adversarial processes that can cause the protocol to malfunction. Specifically, given a formal threat model capturing the distributed protocol model and network topology, as well as the placement, goals, and interface of potential attackers, we automatically synthesize an attacker. We formalize four attacker synthesis problems - across attackers that always succeed versus those that sometimes fail, and attackers that may attack forever versus those that may not - and we propose algorithmic solutions to two of them. We report on a prototype implementation called Korg and its application to TCP as a case-study. Our experiments show that Korg can automatically generate well-known attacks for TCP within seconds or minutes.
previous chapter Efficient Translation of Safety LTL to DFA Using Symbolic Automata Learning and Inductive Inference
next chapter An Attacker Modeling Framework for the Assessment of Cyber-Physical Systems Security
Footnotes
Literature
1.
2.
Baier, C., Katoen, J.P.: Principles of Model Checking. MIT Press, Cambridge (2008) MATH
3.
Bang, L., Rosner, N., Bultan, T.: Online synthesis of adaptive side-channel attacks based on noisy observations. In: 2018 IEEE European Symposium on Security and Privacy, pp. 307–322. IEEE (2018)
4.
Barthe, G., Dupressoir, F., Fouque, P.A., Grégoire, B., Zapalowicz, J.C.: Synthesis of fault attacks on cryptographic implementations. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 1016–1027 (2014)
5.
Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: 14th IEEE Computer Security Foundations Workshop, pp. 82–96. IEEE Computer Society, Cape Breton (2001)
6.
Branco, R., Hu, K., Kawakami, H., Sun, K.: A mathematical modeling of exploitations and mitigation techniques using set theory. In: 2018 IEEE Security and Privacy Workshops (SPW), pp. 323–328. IEEE (2018)
7.
Bratus, S., Locasto, M.E., Patterson, M.L., Sassaman, L., Shubina, A.: Exploit programming: from buffer overflows to weird machines and theory of computation. USENIX Login 36(6), 13–21 (2011)
8.
Cho, C.Y., Babic, D., Poosankam, P., Chen, K.Z., Wu, E.X., Song, D.: MACE: model-inference-assisted concolic exploration for protocol and vulnerability discovery. In: USENIX Security Symposium, vol. 139 (2011)
9.
Chong, S., et al.: Report on the NSF workshop on formal methods for security (2016)
10.
11.
12.
Duran, J.W., Ntafos, S.: A report on random testing. In: Proceedings of the 5th International Conference on Software Engineering, pp. 179–183. IEEE Press (1981)
13.
14.
von Hippel, M., Vick, C., Tripakis, S., Nita-Rotaru, C.: Automated attacker synthesis for distributed protocols (2020). arXiv preprint arXiv:​2004.​01220
15.
Holzmann, G.: The Spin Model Checker. Addison-Wesley, Boston (2003)
16.
Hoque, E., Chowdhury, O., Chau, S.Y., Nita-Rotaru, C., Li, N.: Analyzing operational behavior of stateful protocol implementations for detecting semantic bugs. In: 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 627–638. IEEE (2017)
17.
Huang, S.K., Huang, M.H., Huang, P.Y., Lai, C.W., Lu, H.L., Leong, W.M.: Crax: software crash analysis for automatic exploit generation by modeling attacks as symbolic continuations. In: 2012 IEEE Sixth International Conference on Software Security and Reliability, pp. 78–87. IEEE (2012)
18.
Huang, Z., Etigowni, S., Garcia, L., Mitra, S., Zonouz, S.: Algorithmic attack synthesis using hybrid dynamics of power grid critical infrastructures. In: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp. 151–162. IEEE (2018)
19.
Jero, S., Lee, H., Nita-Rotaru, C.: Leveraging state information for automated attack discovery in transport protocol implementations. In: 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp. 1–12. IEEE (2015)
20.
21.
Kayacik, H.G., Zincir-Heywood, A.N., Heywood, M.I., Burschka, S.: Generating mimicry attacks using genetic programming: a benchmarking study. In: 2009 IEEE Symposium on Computational Intelligence in Cyber Security, pp. 136–143. IEEE (2009)
22.
Klaška, D., Kučera, A., Lamser, T., Řehák, V.: Automatic synthesis of efficient regular strategies in adversarial patrolling games. In: Proceedings of the 17th International Conference on Autonomous Agents and MultiAgent Systems, pp. 659–666. International Foundation for Autonomous Agents and Multiagent Systems (2018)
23.
24.
McMillan, K.L., Zuck, L.D.: Formal specification and testing of QUIC. In: Proceedings of the ACM Special Interest Group on Data Communication, pp. 227–240. ACM (2019)
25.
Meira-Góes, R., Kwong, R., Lafortune, S.: Synthesis of sensor deception attacks for systems modeled as probabilistic automata. In: 2019 American Control Conference, pp. 5620–5626. IEEE (2019)
26.
Myers, G.J.: The Art of Software Testing. John Wiley & Sons, Hoboken (1979)
27.
Phan, Q.S., Bang, L., Pasareanu, C.S., Malacaria, P., Bultan, T.: Synthesis of adaptive side-channel attacks. In: 2017 IEEE 30th Computer Security Foundations Symposium, pp. 328–342. IEEE (2017)
28.
Pnueli, A.: The temporal logic of programs. In: 18th Annual Symposium on Foundations of Computer Science, pp. 46–57. IEEE (1977)
29.
Postel, J., et al.: Rfc 793 Transmission Control Protocol (1981)
30.
Srivastava, H., Dwivedi, K., Pankaj, P.K., Tewari, V.: A formal attack centric framework highlighting expected losses of an information security breach. Int. J. Comput. Appl. 68(17), 26–31 (2013)
31.
32.
Trippel, C., Lustig, D., Martonosi, M.: Security verification via automatic hardware-aware exploit synthesis: the CheckMate approach. IEEE Micro 39(3), 84–93 (2019) CrossRef
33.
34.
Van Dijk, M., Juels, A., Oprea, A., Rivest, R.L.: FlipIt: The game of “stealthy takeover”. J. Cryptol. 26(4), 655–713 (2013) MathSciNetCrossRef
35.
Vardi, M.Y., Wolper, P.: An automata-theoretic approach to automatic program verification. In: Proceedings of the First Symposium on Logic in Computer Science, pp. 322–331. IEEE Computer Society (1986)
36.
37.
Wideł, W., Audinot, M., Fila, B., Pinchinat, S.: Beyond 2014: formal methods for attack tree-based security modeling. ACM Comput. Surv. 52(4), 1–36 (2019) CrossRef
38.
You, W., et al.: Semfuzz: semantics-based automatic generation of proof-of-concept exploits. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 2139–2154 (2017)
39.
Yuan, Y., Moon, S.J., Uppal, S., Jia, L., Sekar, V.: NetSMC: a custom symbolic model checker for stateful network verification. In: 17th USENIX Symposium on Networked Systems Design and Implementation. USENIX Association, Santa Clara (2020)
Metadata
Title
Automated Attacker Synthesis for Distributed Protocols
Authors
Max von Hippel
Cole Vick
Stavros Tripakis
Cristina Nita-Rotaru
Copyright Year
2020
Book
Computer Safety, Reliability, and Security

Print ISBN: 978-3-030-54548-2

Electronic ISBN: 978-3-030-54549-9

Copyright Year: 2020

DOI
https://doi.org/10.1007/978-3-030-54549-9_9

Premium Partner

Neuer Inhalt
    Image Credits